{bc}
linkedin

Application Security Engineer

Opendoor
Miami, QAT
Full Time
Senior
Hybrid
4 weeks ago
GoPythonTypeScriptRubyTerraformKubernetes
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

GoPythonTypeScript
Smart Apply

Full Job Posting

About the Role

  • Our Security Engineering team builds intelligent systems that protect Opendoor and our customers while enabling unprecedented engineering velocity.
  • As our Application Security Engineer, you'll own how we find, prioritize, and drive down application layer risk across consumer flows, GraphQL APIs, and AI tools.

What You'll Do

  • Define, build and operate Opendoor’s application vulnerability identification capability.
  • Assess, rationalize and own our AppSec tooling stack.
  • Own and mature our HackerOne program.
  • Lead threat modeling and security design reviews for new services, APIs, and mobile features.
  • Build AI agents and automated workflows that triage vulnerability reports.
  • Partner with engineering teams to harden authentication, authorization, and input validation.
  • Build Opendoor’s offensive security capability.
  • Set the bar for what 'secure by default' looks like for AI maximalist engineering.

What You'll Need

  • Deep conviction that AI and automation should eliminate manual work.
  • Comfort operating with high autonomy in ambiguous environments.
  • Business enablement security mindset.
  • 5+ years of application security or software engineering experience with a security focus.
  • Hands on expertise across the security risk detection toolchain.
  • Strong grasp of common application and API vulnerability classes.
  • Practical threat modeling skills.
  • Experience with cloud and container security on AWS and Kubernetes.
  • Humility and genuine curiosity.

Tech Stack

  • Languages: Go, Python, TypeScript, Ruby, Terraform
  • Cloud: AWS, GCP, Azure, Kubernetes, Apollo GraphQL
  • AppSec Tooling: GitHub Advanced Security (CodeQL, Dependabot, secret scanning), Semgrep, HackerOne, Burp Suite, Cloudflare WAF
  • AI Tooling: Claude, OpenAI, various agent frameworks, MCP

Bonus Points

  • Offensive security experience including pentesting, API security, or mobile security.
  • Experience running a bug bounty or coordinated disclosure program at scale.
  • Mobile application security review experience (iOS and Android).
  • Experience securing AI and machine learning pipelines.
  • OSCP, OSWE, or similar offensive certifications.

Location

  • This role is based in our downtown Miami office, in person four days per week (Monday, Tuesday, Thursday, Friday).
  • Candidates must be based within commuting distance of the office.

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today